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(54) Microprocessor device and peripherals 



(57) This invention discloses a microprocessor de- 
vice comprising an execution unit which is governed by 
a master clock signal and a repeatedly programmable 
master clock divider which Is operative to divide the mas- 
ter clock signal. The microprocessor device is operative 
to execute instructions executed by an existing micro- 
processor, wherein said instructions being executed in a 
given number of machine cycles. Furthermore, the 
croprocessor includes a programmable Instruction map- 
per containing a multiplicity of mapping schemes for con- 
trolling the microprocessor apparatus. A tamper-resi 
ant execution device Is Included operative to execute 
structions arriving from an instruction register. The r 
croprocessor device also includes a pseudo-random ac- 
cess delay signal generator which generates a signal for 
determining the number of clock cycles elapsing from a 
memory access Instruction cycle to actual memo^ ac- 
cess. Additionally, a method Is also included for testing 
the contents and integrity of a conditbn signal within a 
single machine cycle. 
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Description 

FIELD OF THE INVENTION 

s The present invention relates to microprocessors. 

BACKGROUND OF THE INVENTION 

The datasheet of the DS80C320 High Speed Micro, commercially available from Dallas Semiconductor, states that 
10 the DS80C320 has a stretch memory cycle feature which (p. 9) "allows the application software to adjust the speed of 
data memory access. The micro is capable of performing the MOVX in as little as two instruction cycles. However, this 
value can be stretched as needed so that both fast memory and slow memory or peripherals can be accessed with no 

However, the stretch memory cycle feature still does not provide timing compatibility of the DS80C320 to existing 
IS devices such as the Intel 80C32 device, as specifically stated on p. 4 of the data sheet: "The exception is critical timing 
since the High Speed Micro performs its instructions much faster than the original.' 

Published French Patent Application No. 2667715 (90 12440) describes a card which receives data or commands 
and transmits an "end of command" or 'reception acknowledgement" signal after a time T of random duration which 
does not indicate the type ol comrrand performed by the card. 

20 

SUMMARY OF THE INVENTION 

It is an object of the present invention to provide a microprocessor which is an optimized and faster version of an 

existing microprocessor and which is selectably timing compatible therewith. 
25 It is also an object of the present invention to provide a method for causing a first microprocessor which is optimized 

and faster than a second microprocessor to become timing compatible with the second microprocessor. 

There is thus provided, in accordance with a preferred embodiment of the present Invention, a microprocessor 

device including an execution unit which is governed by a master clock signal, and a repeatedly programmable master 

clock divider which is operative to divide the master clock signal. 
30 Also provided, in accordance with another preferred embodiment of the present invention, is a microprocessor 

device operative to execute the instructions I,, .... I,, executed by an existing microprocessor, the instructions being 

executed by the existing microprocessor in n,, .... n,, machine cycles respectively, the microprocessor device including 

an execution unit operative to execute the plurality of instructions in my machine cycles respectively, where m| 

< = n| for i = 1 k, and a machine cycle controller operative in response to a 'select microprocessor' signal, to waste 

35 machine cycles such that, for each instruction, the same number of machine cycles are expended by the execution unit 

as by the existing microprocessor. 

Further in accordance with a preferred embodiment of the present invention, the programmable master clock divider 

is one-time programmable. 

Still further in accordance with a preferred embodiment of the present invention, the programmable master ckxk 
40 divider is execution-time programmable. 

Addittonally in accordance with a preferred embodiment of the present invention, the machine cycle controller is 
one-time programmable. 

Further in accordance with a preferred embodiment of the present invention, the machine cycle controller is exe- 
cution-time programmable. 

45 Still further in accordance with a preferred embodiment of the present invention, the execution unit includes a state 

machine. 

Additionally in accordance with a preferred embodiment of the present inventk>n, the execution unit includes a 
microcode controller and associated microcode. 

Further in accordance with a preferred embodiment of the present invention, the machine cycle controller is operative 
so to instruct the execution unit to remain in its cun-ent state until the same number of machine cycles have been expended 
as by the existing microprocessor. 

Still further in accordance with a preferred embodiment of the present invention, the device also includes a clock 
gate and the machine cycle controller is operative to instruct the clock gate to block the ckxk to the execution unit. 

There is also provided, in accordance with another preferred embodiment of the present invention, microprocessor 
55 control apparatus including an instruction register receiving an individual one of aplurality of instruction codes, an intrinsic 
instruction executk>n unit containing a plurality of intrinsic instruction functnns and an input, the unit being operative to 
receive a conUol signal through the input which designates an individual one of the intrinsic instruction functions and to 
execute the designated inlrinsk: instruction function, and a programmable instruction mapper containing a multiplKity 



2 



EP 0 690 370 A2 



of mapping schemes and being operative to employ a selected scheme to convert the instructbn code in the register 
into an intrinsic instruction designation which is provided as a control signal to the input of the execution unit. 

Further in accordance with a preferred embodiment of the present invention, the control signal is stored in a register 
which is loaded by a specific instruction performed by the execution unrt. 
s Still further in accordance with a preferred embodiment of the present invention, the control signal is stored in a 

register which is mapped as a memory location such that the control signal is introduced therein by writing. 

Further in accordance with a preferred embodiment of the present invention, the control signal is stored in a non-vol- 
atile register which is loaded by programming. 

Still further In accordance with a preferred embodiment of the present Invention, the apparatus includes a volatile 
10 register storing the control signal, and a non-volatile register storing a default value which is copied Into the volatile 
register. 

Further In accordance with a preferred embodiment of the present invention, the apparatus also includes a register 
containing a control signal for the clock divider, wherein the register is loaded by a specific Instruction performed by the 
execution unrt. 

*5 still further in accordance with a preferred embodiment of the present invention, the apparatus also includes a 

register containing a control signal for the clock divider, wherein the register is mapped as a memory location such that 
the control signal is introduced therein by writing. 

Further in accordance with a preferred embodiment of the present invention, the apparatus also includes a non-vol- 
atile register which contains a control signal for the clock divider and which is loaded by programming. 

so still further in accordance with a preferred embodiment of the present invention, the apparatus also includes a 

volatile register storing a control signal for the clock divider, and a non-volatile register storing a default value which is 
copied into the volatile register. 

Further in accordance with a preferred embodiment of the present invention, the 'select microprocessor' signal is 
stored In a register which is k>aded by a specific instructksn performed by the execution unit. 

ss still further In accordance with a preferred embodiment of the present invention, the 'select microprocessor' signal 

is stored in a register which is mapped as a memory locatton such that the 'select microprocessor* signal is introduced 
therein by writing. 

Additionally in accordance with a preferred embodiment of the present irrvention, the 'select microprocessor' signal 
is stored in a non-volatile register which is loaded by programming. 
30 Further in accordance with a preferred embodiment of the present inventksn, the apparatus also Includes a volatile 

register storing the 'select microprocessor' signal, and a non^latlle register storing a default value which is copied 
into the volatile register. 

There is also provided, in accordance with another preferred embodiment of the present invention, a tamper-resistant 
execution device operative to execute instructions arriving from an instruction register, the device including an exscutk>n 

35 unit receiving and carrying out instructtons received from the instruction register, a tamper attempt detector operative 
to detect attempts to tamper with the device, and an instruction replacement nrxxJule intermediate the instruction register 
and the execution unit and operative, upon receipt of a tamper attempt detected' input from the detector, to override 
instructions arriving from the instruction register with other instructions. 

There Is further provided, in accordance with another preferred embodiment of the present Invention, a method for 

10 performing a robust conditional jump including testing the contents and the integrity of a condition signal within a single 
machine cycle, jumping to a first location If the condition signal indteates that the integrity of the condition is not main- 
tained, jumping to a second location if the condition signal indicates that the integrity of the condition Is maintained and 
the condition is fulfilled, and jumping to a third location if the condition signal indicates that the integrity of the condition 
is maintained and the condition is not fulfilled. 

■*£ There is further provided, in accordance with another preferred embodiment of the present invention, memory access 

apparatus including a pseudo-random access delay signal generator generating an access delay signal which is at least 
pseudo-random and which determines the number of ckxk cycles to elapse from a memory access Instruction clock 
cycle to actual memory access, and a memory access unit receiving the access delay signal and operative to access 
the memory after the number of ckx;k cycles has elapsed. 

SO Further In accordance with a preferred embodiment of the present invention, the pseudo-random signal generator 

includes a random signal generator. 

Still further in accordance with a preferred emIxxJiment of the present invention, the number of clock cycles allowed 
for memory access, once memory access has initiated, is programmable. 

Further in accordance with a preferred embodiment of the present invention, the range of the random/pseudo-ran- 

ss dom access delay signal is programmable. 

Still further in accordance with a preferred embodiment of the present Invention, the number of cycles allocated to 
machine memory access is programmable. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention will be understood and appreciated from the following detailed description, taken In conjunc- 
tion with the drawings in which: 

5 

Fig. 1 is a simplified functional block diagram of a peripheral unit for a microprocessor constructed and operative 
in accordance with a preferred embodiment of the present invention; and 

Fig. 2 is a simplified functional btock diagram of a more optimized variation of the apparatus of Fig. 1 . 

10 

Fig. 3 is a simplified block diagram of a peripheral unit whk:h is a modification of the apparatus of Fig. 2, having a 
repeatedly programmable master clock divider. 

Fig. 4 is a simplified block diagram of a microprocessor constructed and operative in accordance with a preferred 
>s embodiment of the present invention having the programmable clock division feature of Fig. 3, without the cycle 
wasting feature of Fig. 2, 

Fig. 5 is a simplified bkxk diagram of microprocessor control apparatus employing a selected mapping scheme, 
which is constructed and operative in accordance with a preferred embodiment of the present invention; 

20 

Fig. 6 is a simplified block diagram of microprocessor control apparatus which includes a tamper-resistant execution 
module 360; 

Fig. 7 is a simplified block diagram of a jump unit constructed and operative in accordance with a preferred embod- 
2S iment of the present Inventnn which Is operative to perform a robust conditional jump; 

Fig. 8A Is a prior art timing diagram for access to memory; 

Fig. 8B Is a preferred timing diagram, provided in accordance with a preferred embodiment of the present invention, 
30 for access to memory; and 

Fig. 9 is a very generalized prior art block diagram of a microprocessor which is useful In understanding the notations 
of Figs. 8A and 88. 

35 Attached herewith is the following appendix which aW in the understanding and appreciation of one preferred em- 

bodiment of the invention shown and described herein: 

Appendix A Is a listing of a suitable program whreh performs the functions of the tables and selector of Fig. 2. 
Altemative or optional implementations of the present invention are illustrated in the drawings by a 'dotted line". 

40 DETAILED DESCRIPTION OF A PREFERRED EMBODINflENT 

Reference Is now made to Fig. 1 which is a simplified functional block diagram of a peripheral unit for a microproc- 
essor device, also termed herein "the 7916 device', which interacts with the execution unit of the 7916 device. The 
peripheral unit of Fig. 1 enables the 7916 device to mimic an existing microprocessor device, or alternatively a selected 
one of a plurality of existing microprocessor devices, the peripheral unit being constructed and operative in accordance 
with a preferred embodiment of the present invention. 

The apparatus of Fig. 1 1ncludes a conventional instruction register 10 feeding Into a plurality of tables including a 
first table 20 storing the number of machine cycles required for each instruction by the microprocessor device itself. The 
plurality of tables also includes one or more second tables 30 which store the number of machine cycles required for 
so each instruction by other existing microprocessor devices or microprocessor device families which perform at least some 
of the same instructbns as does the microprocessor of Fig. 1 , In the illustrated embodiment, the existing microprocessors 
which are supported are the Motorola 6805 CMOS microprocessor family and the Motorola 6805 NMOS mk:roprocessor 

In each table, the number of machine cycles stored for an instruction whk;h the microprocessor device described 
ss by that table does not perform, is zero. 

The tables are addressed by the instnjction register 10 which Indicates the instruction currently being executed. 
Selection of the mimicked device Is performed by a multiplexer 40 whKh receives a control signal. The multiplexer 
40 selects the output of the table representing the device to be mimicked based on the control signal and feeds this 
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data into a subttactor 50 which subtracts from this value the number of machine cycles of the 7916 device arriving 
directly from table 20. 

The output of the subtracter is provided to a positive limiter 60 which zeros input values which are negative. 
The output of the limiter 60 is provided to a cycle waster 70 which receives three control inputs. The first control 
s input indicates the last cycle of the current instruction. The second control input indicates the machine cycle clock. Cycle 
wasting is counted by an internal counter, "count'. The third control input, waste count, indicates the number of cycles 
to wait. Upon each wasted cycle, typically during the rising edge of the "machine cycle clock" control signal, "count" is 
decremented. Cycle wasting is initiated upon receipt of the 'last cycle" Input and continues until "count" reaches 0. The 
output of the cycle waster 70 is a "waste cycles* signal. 
10 A preferred mode of operation for the cycle waster 70 is as follows: 

(STARTED AND CLOCK) { 
IF (COUNT <> 0) ( 

OUT = WASTE_COUNT 
COUNT = COUNT - 1 
)ELSE { 

STARTED = FALSE 

OUT = CONTINUE 

) 



Preferably, the "waste cycles" signal instructs the execution unit 74 of the 7916 device, typically comprising a state 
machine or a microcode controller and associated microcode, to remain in its current state. Alternatively, a clock gate 
80 may be provided and the "waste cycle" signal may instruct the ckjck gate 80 to block the clock to the execution unit. 
^ in which case the clock signal is fed directly into the cycle waster 70 and the tables 20 and 30 store the number of ctock 
cycles required for each instruction. This altemate implementation is illustrated by the 'dotted line' in Figs. 1 and 2. 

According to still a further alternative, the "waste cycles" signal may instruct the executton unit to perform one or 
more operations which have no net effect. For example, the executkan unit may be instructed to carry out a NOP oper- 
ation. 

30 It is appreciated that the apparatus of Fig. 1 may be retrofitted to a conventional microprocessor device such as, 

for example, the DS80C320 which is an optimized faster versk>n of the Intel 80C32, thereby to render the conventional 
microprocessor device capable of mimicking other existing devnes. For example, the DS80C320 may, by virtue of the 
present inventkm, be rendered capable of mimteking the Intel 80C32 whereas, currently, the DS80C320 is incapable of 
mimteking the Intel 80C32 in timing-critical situatkins. 

3S Reference is now made to Fig. 2 which is a more optimized variation of the apparatus of Fig. 1 . Fig. 2 is similar to 

Fig. 1 except that the tables 20 and 30. subtractor 50 and positive limiter 60 are replaced by tables 1 00 which correspond 
in number to the number of existing microprocessors supported by the 7196 device. Each table 100 stores, for each 
instoiction in the instnjction register 1 6, the number of cycles to be wasted, typically the difference between the number 
of cycles required by the 7916 device and by the existing microprocessor. 

The 7916 device does not have a table and therefore the table 20 input to the selector 40 in Fig. 1 is replaced by a 
zero input in Fig. 2. 

According to a preferred embodiment of the present inventwn. the functions of tables 100 and selector 40 in Fig. 2 
are replaced by a program based on Boolean equations representing these functions. Appendix A is a listing of a suitable 
program which performs the functions of tables 100 and selector 40. The program of Appendix A is written in Verikjg 
4S language which is suitable for silicon design. It is appreciated that the particular embodiment described in Appendix A 
is intended only to provide an extremely detailed disclosure of the present invention and is not intended to be limiting. 

Reference is now made to Fig. 3 which is a simplified block diagram of a peripheral unit which is a modification of 
the apparatus of Fig. 2. The peripheral unit of Fig. 3 is generally similar to the peripheral unit of Fig. 2. However, the 
apparatus of Fig. 3 additionally comprises a repeatedly programmable master clock divider 200 which is operative to 
so divide the master ckxk signal governing the execution unit 74 of the associated microprocessor 

A particular feature of the present invention is that the master ckxik divider 200 is controlled by the execution unit 
74, via clock divisbn register 420, during operation thereof, as indicated by the "bad clock divider" input signal. Provisbn 
of the peripheral unit of Fig. 3 facilitates emulatton of existing microprocessors by alk>wing the clock division thereof to 
be emulated in additran to emulation of the number of machine cycles per instruction whfch is provided in both Figs. 2 
ss and 3. 

The advantage of the apparatus of Fig. 3 over the apparatus of Fig. 2 is apparent, for example, in applfcatkans in 
which a program devetoped for an existing microprocessor is to be mimfcked and the timing of a portion of that program 
must be accurately mimksked. The timing of the renrtainder of the same program need not be accurately mimcked. The 
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apparatus of Fig. 3 allows the user to employ a first clock division during the "timing-accurate" portion ot the program, 
whereas, during the remainder of the program, a second clock division may be employed which may provide other 
advantages such as higher speed or less current consumption at lower speed. 

It is appreciated that theclockdivider of Fig. 3 may, similarly, be provided in conjunction with the embodiment of Fig. 1 . 

The embodiments of Figs. 1 and 2 are suitable lor applications in which it is sufficient to mimic the number of machine 
cycles and in which timing is not critical so that it is not necessary to exactly mimic the number of clock cycles. 

The embodiments ot Figs. 1 and 2 may be used for timing-critical applications if the machine cycle clock feeding 
into the cycle waster 70 is replaced by the clock signal arriving from clock 80 and tables 20, 30, of Fig. 1 and tables 1 00, 
of Fig. 2, store the number of clock cycles to be wasted. 

Reference is now made to Fig. 4 which Is a microprocessor constructed and operative in accordance with a preferred 
embodiment of the present invention. The apparatus of Fig. 4 provkJes the programmable clock division feature ot Rg. 
3, however, the cycle wasting feature of Figs. 1 and 2 are omitted. 

The programmable clock division feature of Fig. 4, whether provided stand-alone or in combination with the cycle 
wasting feature of Figs. 1 and 2. allow a programmer to vary the processing speed of his microprocessor. This is par- 
ticularly useful in applications when power consumption considerations are important. Also, when using slow extemal 
peripherals, the apparatus of Fig. 4 alk>ws the programmer to work at a slow speed only while using the slow peripherals 
and to work at a higher speed otherwise. 

The "load clock divider" signal in Figs. 3 and 4 may either be derived by decoding a special kjad instruction or by 
decoding a memory address in which the desired clock divider resides. 

In Figs. 3 and 4. the control of the clock divider 200 by the execution unit of the microprocessor may either be direct, 
as illustrated in Figs. 3 and 4, or indirect, as via a suitable automaton (not shown). Also, the divided ckjck signal may 
be fed into the execution unit either directly or indirectly. 

The cbck division may be one-time programmable in a non-volatile register, either by the manufacturer or by the 
user. Alternatively, the clock division may be programmable during execution time. 

Similarly, the mimicked device selector 40 of Figs. 1 and 3 may be one-time programmable in a non-volatile register, 
either by the manufacturer or by the user Alternatively, the mimicked device selector may be programmable during 
execution time. 

It is appreciated that the specific microprocessors mentioned herein are mentioned merely by way of example and 
are not intended to limit the applicability of the present invention to those particular microprocessors. 

It Is appreciated that the execution unit may control division of the master ckxk signal either directly, as illustrated 
in Figs. 3 and 4, or indirectly, as via a suitable automaton. 

Reference is now made to Fig. 5 which is a simplified bkx:kdiagram of microprocessor control apparatus constructed 
and operative in accordance with a preferred embodiment of the present invention. 

The apparatus of Fig. 5 includes an instruction register 300 receiving an individual one of a plurality of instruction 
codes. 

An intrinsic instruction execution unit 310 contains a plurality of intrinsic instruction functions and an input 320. The 
execution unit 310 is operative to receive a control signal through the input 320 which designates an individual one of 
the intrinsic instruction functions. The designated Intrinsic function is executed by the execution unit 310. 

A programmable instruction mapper 330 is operative to emptoy a selected mapping scheme toconvert the instructkan 
code in the register into an intrinsic instructk>n designatnn which is provided as a control signal to the input 320 of the 
execution unit 310. 

The programmable instruction mapper 330 comprises a mapping scheme depository 340 storing a multiplicity of 
mapping schemes and a programmable mapping scheme code register 350 which provides a control signal comprising 
the code of the mapping scheme which the depository is to employ. 

The number of possible mapping schemes for 8-bit instruction codes is 256!. Typically, a subset of the 2561 mapping 
schemes are provWed. For example, only two mapping schemes may be provided, of which one is the "neutral" mapping 
scheme in which each bit is mapped onto itself and the other mapping scheme is a bit permutatkin followed with an 
inversion of some of the bits, such as the third and fifth bits. 

A preferred VERILOG program for utilizng the "select nrapping scheme* signal to assign a new Instructkjn code in 
accordance with the selected mapping scheme is as follows: 
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always §(irx) 
being 
* being 

if (InOeMUL) 
ir = irx; 

10 

else 

ir={irx[0],irx[3],irx[4] ,irx[7] ,irx[2],irx[5] ,irx[6] ,irx[ll } 
' 8'has5; 

15 

end 
end 

^ In the above sample block, the 'irx' signal arriving from the Instruction register 300 is assigned to 'ir* signal when the 

mapping scheme is neutral. When the bit permutation mapping scheme is activated, 'irx' is pemfiuted and some its bits 
are inverted by the XOR operation, designated in VERILOG with a *'*'. 

Fig. 6 is a simplified block diagram of mk;roprocessor control apparatus which includes a tamper-resistant execution 
module 362. The tamper-resistant execution module 362 includes an executksn unit 364 which performs an instruction 

2S corresponding to an instruction code arriving from an instruction register 370, via the instruction replacement module 
390, whose function is described hereinbek)w. 

A security comparator 374 is operative to receive input from a security sensor array 380 which is operative to detect 
tampering attempts. The security sensor array 380 may include any suitable type of sensor such as but not limited to 
one or more of the following sensor types in any suitable location within the microprocessor light dgtector; temperaturo 

30 detector; voltage-out-ot-range detector, clock frequency out-of-range detector. 

The security comparator 374 compares the input arriving from each sensor of the security sensor array 380 to an 
expected state signal representing the expected state for that sensor. The 'expected state' signal may be stored in an 
expected state register 384 which, optionally, is associated with a non-volatile register 386 whose function is described 
in detail below. 

35 For each sensor, the "expected state' signal may have only two values, corresponding to "no tampering' and tam- 
pering detected'. Optionally, the 'expected state' signal may also have a third value, indicating that the input from that 
sensor should be enabled or disabled. 

The security comparator 374 Is operative to provide a 'lamper detect' signal, indicating whether or not a tampering 
. attempt has been delected, to an instructkxi replacement module 390. Typically the "tamper detect" signal indicates a 
40 tampering attempt if any one of the enabled sensors is not in its expected state. 

The instruction replacement module 390 is enabled if a tampering attempt has been detected and is disabled oth- 
erwise. When enabled, the instruction replacement module 390 is operative to override the instruction amving from 
instruction register 370 with an overriding instruction. Preferably the overriding instruction Is not a load instruction so as 
to prevent secure information stored in microprocessor memory from traveling over the internal busses where It could 
^ be picked up by the tampering party. The overriding Instruction may, for example, be a jump instruction. 

According to the Illustrated embodiment, the overriding Instruction continues to be fed into the execution unit 384 
by the instruction replacement nradule 390 until the security comparator 374 indicates that there Is no tonger any tam- 
pering attempt. 

Preferably, the security comparator 374 and the Instruction replacement module 390 are provided within a single 
so module 362, as shown. Alternatively, the security comparator and/or the instructbn replacement module need not be 
provided in the same module as execution unit 364. 

A preferred VERILOG program for comparing the expected state of the security sensors to their actual state and 
for jamming the instruction Input to the executnn unit if the comparison yields a discrepancy Is as follows: 
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always §(irx or security or ExpectedSecurityState) 
begin 

if (Security == ExpectedSecurityState) 
s ir = irx; 

else 

ir = (irx .* 8'h20) & 8'h20; 

end 

The above block compares the output of security sensor 380 to the Expected Security State stored in register 384. 
10 If a match is found, the output of the instruction register 370, 'irx', is mapped into an 'ir* output signal which is later fed 
to the execution unit. In case of a mismatch, all bits of the instruction except bit 6 are forced to zero by means of the 
AND operation, designated In VERILOG. Bit 6 Is inverted by a XOR operation, designated in VERILOG, resulting 
In two possible instruction codes 8'hOO or 8'h20 which are relative jump instructions for the 6805 microprocessor. 
The "expected state" signal for security comparator 374 may be Introduced Into register 384 In any suitable manner, 
IS such as the following: 

a. The input signal may be introduced into register 384 by means of a specific Instruction performed by the execution 
unit; 

20 b. The register 384 may be regarded as a memory location so that the Input signal may be introduced therein by 

writing. 

c. The register 384 may be non-volatile and the input signal may be programmed Into the register l>y programming 
apparatus or by the microprocessor itself, if it is sell-programming. 

ss 

d. The register 384 may be volatile and an addKional, non-volatile register 386 may be provided, as shown by the 
'dotted line' of the preferred embodiment of Fig. 6. The initial state of volatile register 384 may be determined by 
copying the value stored in the non-volatile register 386, either during power-up or during the reset sequence. 

30 The registers 384 and 386 may be regarded as memory locations so as to allow the contents of register 384 to be 

copied into register 386 by means of standard readAwrite instructions, without resetting. 

It is appreciated that the above methods a. - d. for Introducing an input signal into a register are also applicable to 
the input signal for mimicked device selector 40 of Figs. 1 - 3. A suitable register and the non-volatile register required 
for option d are referenced 400 and 410, respectively In Figs. 1 - 3. 
3S It is appreciated that the above methods a. - d. for introducing an input signal into a register are also applicable to 
the load clock divkjer signal (or programmable clock divider 200 of Figs. 3 - 4. For this purpose, a suitable register and 
the non-volatile register required for option d are referenced 420 and 430, respectively In Figs. 3 - 4. 

It is appreciated that the above methods a. - d. for Introducing an input signal into a register are also applicable to 
the 'select mapping scheme' signal for mapping scheme depository 340 of Fig. 5. For this purpose, a suitable register 
40 and the non-volatile register required for option d are referenced 350 and 360, respectively in Fig. 5. 

Fig. 7 Is a simplified block diagram of a jump unit constructed and operative In accordance with a preferred embod- 
iment of the present invention which is operative to perform a robust conditional jump. 

The apparatus of Fig. 7 includes a conditional jump unit 450 which Is operative In response to an actuating "perform 
robust conditbnal jump" signal received from an instruction decoder 460. 
4S A composite condition signal is received from a suitable source (not shown), either internal or external. The com- 
posite condition signal includes a condition component which determines the jump and an integrity component which 
allows the integrity of the composite condition signal to be verified. For example, the integrity component may Include 
a copy of the condition component and/or may include the I's complement of the condition component and/or may Include 
humming error detection code or any other suitable en-or detection code. The complexity of the integrity component 
so depends on the required degree of confidence in the Integrity of the composite condition signal. 
The jump unit 450 is operative to perform the following operations: 

a. testing the contents and the integrity of the composite condition signal within a single machine cycle; 

ss b. jumping to a first location (go_error) if the condition signal indicates that the integrity of the condition is not main- 

tained; 



c. junnping to a second location (do Jump) if the condition signal indicates that the integrity of the condition is main- 
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tained and the condition Is lulfllled; and 

d. jumping to a third location, such as. for example, the immediately tollowlng location instruction (do_notJump) if 
the condition signal indicates that the integrity of the condition is maintained and the condition is not fulfilled. 

S 

A particular feature of the apparatus of Fig. 7 is that the jump location is determined within the same cycle as the 
integrity check such that it is impossible for the composite condition component signal to lose Its integrity after the integrity 
check and before the jump location is detemiined. 

A preferred VERILOG program for performing a robust jump is as foltows: 

10 

always e (ConditionBits or ConditionGuardBits or Request edJuinp) 
begin 

DoJump = I'hO; //Assume no Jump 

DoNotJump = I'hO; 
IS GoError = I'hO; //Assume no error. 

if (ConditionBits = 'ConditionGuardBits) 
begin 

if (ConditionBits[RequestedJump] == I'hl) 
DoJump = I'hl; 
20 else 

DoNotJump = I'hl; 

end 
else 

GoError = I'hl; 

end 

25 

In the above program, the condition bits are compared with the integrity component bits which is the one's comple- 
ment, designated in VERILOG by the *~* operator. If the conditbn is intact, a requested bit Is checked and a decision 
to Jump or not to Jump is reached. Should the condition prove not intact, a GoError signal is activated to inform the 
outside world of a data integrity problem and no jump is performed. 

30 Fig. 8A is a prior art timing diagram for access to memory of any of the execution units of Figs. 1 - 6, or of the 

microprocessor illustrated generally in Fig. 9. The DS80C320 chip has a stretch memory cycle feature whereby the 
duratkm of the memory access signal, 'access time'. Is programmable. 

In Fig. 8A, there is no delay between the memory request signal to the mennory access signal. In some state of the 
art multiprocessors, there is a delay (not shown) If the memory Is busy due to access by another microprocessor. 

3S Fig. 88 is a preferred timing diagram for access of any of the executton units of Figs. 1 - 6 to memory. It is appreciated 

that the applicability of the timing diagram of Fig. SB is not limited to the embodiments of Figs. 1 -6, but rather is suitable 
for any general microprocessor, including an executnn unit 470, a memory controller 480 and a memory 490, as Illus- 
trated in prbr art Fig. 9. 

The timing diagram of Fig. 8B illustrates a delay between the memory request to the memory access whose duratton, 
40 'delay time', is preferably pseudo-random or even random. Preferably, the range of the pseudo-random or random delay 
duratton is programmable. Preferably, the duration of the memory access signal, 'access time' is also programmable. 

The memory cycle time is measured from the initiation of the memory request signal to the termination of the memory 
cycle completion signal supplied to the execution unit 470 by the memory controller 480 (as demonstrated by the prior 
art embodiment of Fig. 9). Preferably, the memory cycle time is programmable. In this case, there is typically a second 
*s delay period extending from termination of the memory access signal to the beginning of the memory cycle completion 
signal. The length of the second delay perkxl Is the user-selected duratton of the memory cycle, minus the sum of the 
duration of the memory request signal, the pseudo-random/random delay time, the access time, and the duration of the 
memory cycle completed signal. 

It is appreciated that various features of the invention which are, for clarity, described in the contexts of separate 
so embodiments may also be provided in combinatton in a single embodiment. Conversely, various features of the inventton 
which are, for brevity, described in the context of a single embodiment may also be provided separately or in any suitable 
subcombination. 

It will be appreciated by persons skilled In the art that the present invention Is not limited to what has been particularly 
shown and described hereinabove. Rather, the scope of the present invention is defined only by the claims that foltow: 
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module cycles ( 

// outputs 
// DeltaCycles, 
CyclesDone, 

// inputs 
SuperCycles, 
MimicHMOS, 
Count Down, 
mop, 
ir, 
rarsn 

); 

// output [2:0] DeltaCycles; 

reg[2:0] DeltaCycles, DeltaCyclesX, DCyclesA, 

DCyclesB; 

output CyclesDone; 

reg CyclesDone, PreCyDone, CyclesStart; 

input SuperCycles, MimicHMOS, CountDown, mcp, 
mrsn; 

input [7:0] ir; 



wire 


[3:0] 


IRH = ir[7:4]; 


wire 


[3:0] 


IRL = ir[3:0]; 


wire 


BTB6 




(IRH 


== 4'hO); 


wire 


BSC3 




(IRK 


= 4 'hi); 


wire 


REL2 




(IRH 


== 4'h2); 


wire 


DIR2 




(IRH 


= 4'h3); 


wire 


IHA2 




(IRH 


= 4'h4) ; 


wire 


IHX2 




(IRH 


== 4'h5); 


wire 


1X13 




(IRH 


= 4'h6); 


wire 


1X23 




(IRH 


= 4'h7) ; 


wire 


1X123 




1X13 


1 1X23; 


wire 


INH82 




(IRH 


= 4'h8); 


wire 


INH90 




(IRH 


== 4'h9) ; 


wire 


IMMO 




(IRH 


== 4 'ha) ; 


wire 


DIRl 




(IRH 


== 4'hb); 


wire 


EXTl 




(IRH 


= 4 'he); 


wire 


HX22 




(IRH 


== 4'hd) ; 
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43 


wire 


HX12 = (IRH = 


= 4'he); 


44 


wire 


HXX2 = (IRH 


== 4'hf) ; 


45 


wire 


DIREXTl = DIRl 


1 EXTl; 


46 


wire 


HX122 = HX22 I 


HX12; 


47 


wire 


HX12X2 = HX122 


1 HXX2; 


48 









49 wire RTIL = (IRL 

50 wire RTSL = (IRL 

51 wire SWIL = (IRL 

52 wire STAL = (IRL 

53 wire JMPL = (IRL 

54 wire RSPL = JMPL; 

55 wire TSTL = (IRL 

56 wire BSRL = TSTL; 

57 wire NOPL = TSTL; 

58 wire STOPL = (IRL 

59 wire CLRL = (IRL 

60 wire STXL = CLRL; 

61 wire WAITL = CLRL; 
62 

63 wire TSTCLRL = TSTL | CLRL; 

64 wire STASTXL = STAL | STXL; 

65 wire RTIRTSL = RTIL | RTSL; 

66 wire RSPNOPL = RSPL | NOPL; 

67 wire SJJS = STAL i JMPL | BSRL | STXL; 

68 wire SXJS = STAL | BSRL | STXL; 
69 

70 wire MULO = (ir 8'h42); 
71 

72 always @(SuperCycles or ir or MimicHMOS) 



^ 73 begin 

74 if (SuperCycles) DeltaCyclesX = 3'hO; 

75 

76 else begin 

77 if (MimicHMOS) 

78 begin 

79 // Most instructions are one cycle more 

80 efficient 

81 DeltaCyclesX = 3 'hi; 
82 

83 // 2 cycles more efficient: 



•hO) 
•hi) 
•h3) 
•h7) 
■he) 



' he) ; 
•hf); 
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s 84 if (REL2 | I (DIR2 && ITSTCLRL) i | {IHA2 &S 

85 !MULO) I I IHX2 1 | 

86 (INH82 && (RTIRTSL || SWIL) ) || (DIREXTl 

87 && STASTXL) II (HX12X2 && !SJJS) || 

88 (HX122 && JMPL) ) 

10 89 DeltaCyclesX = 3'h2; 
90 

91 // 3 cycles more efficient: 

92 else if (BSC3 I I (DIR2 && TSTCLRL) | | 

93 (1X123 && ITSTCLRL) || (DIREXTl && BSRL) || 

« 94 (HX12X2 && STASTXL) | j (HXX2 && BSRL) ) 

95 DeltaCyclesX = 3'h3; 
96 

97 // 4 cycles more efficient: 

98 else if ((1X123 && TSTCLRL) || (IMMO && 
^ 99 BSRL) I I (HX122 && BSRL) ) 

100 DeltaCyclesX = 3'h4; 
101 

102 // 6 cycles more efficient: 

103 else if (BTB6) 

^ 104 DeltaCyclesX = 3'h6; 
105 

106 // 0 cycles more efficient: 

107 else if (MULO | | (INH82 && (STOPL j | 

108 WAITL) ) II (INH90 && ! (RSPL jj NOPL) ) || 
^ 109 (IMMO && !SJJS) ) 

110 DeltaCyclesX = 3'hO; 

111 end 
112 

113 else 

^ 114 begin // Mimic CMOS 

115 // Most instructions are one cycle more 

116 efficient 

117 DeltaCyclesX = 3'hl; 
118 

119 // 2 cycles more efficient: 

120 if ((DIR2 && CLRL) || (1X123 && ICLRL) || 

121 (INH82 && RTIRTSL) | j (IMMO && BSRL) | j 

122 (HX12X2 && STASTXL) | I (HX122 && BSRL) ) 

123 DeltaCyclesX = 3'h2; 
124 

125 // 3 cycles more efficient: 
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126 else if (1X123 && CLRL) 

127 DeltaCyclesX = 3'h3; 
128 

129 // 0 cycles more efficient: 

130 else if ((INH90 && IRSPNOPL) || (IMMO && 

131 !BSRL) I I (DIREXTl && !SXJS) | | 

132 (HXX2 && JMPL) || MULO || (INH82 && 

133 (STOPL I I WAITL) ) ) 

134 DeltaCyclesX = 3'hO; 



135 end 

136 end 

137 end 
138 

139 always e(PreCyDone or CyclesStart) 

140 begin 

141 if (PreCyDone == I'bO) ' 

142 CyclesDone = CyclesStart; 

143 else 

144 CyclesDone = I'bl; 

145 end 
146 

147 always @ (DeltaCyclesX) 

148 CyclesStart = - ( IDeltaCyclesX) ; 
149 

150 always 8 (DeltaCycles) 

151 PreCyDone = -( IDeltaCycles) ; 
152 

153 always @ (Count Down or DeltaCyclesX or DeltaCycles) 

154 begin 

155 if (CountDown == I'bO) 

156 DCyclesA = DeltaCyclesX; 

157 else 

158 DCyclesA = DeltaCycles; 

159 end 

160 

161 always (? (DCyclesA) 

162 DCyclesB = DCyclesA - 1; 
163 

164 wire clock = (mcp & CountDown) ; 
165 

166 always @ (posedge clock or negedge mrsn) 

167 begin 
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168 if ( tmrsn) r 

169 DeltaCycles = 3 'bill; 

170 else 

171 DeltaCycles = DCyclesB; 

172 end 
173 

174 endmodule 



1. A microprocessor device comprising. 

an execution unit whicli is governed by a master clock signal; and 

a repeatedly programmable master clock divider which is operative to divide the master clock signal. 



A microprocessor device operative to execute the instructions I, , . .., I|, executed by an existing microprocessor, said 
Instructions being executed by the existing microprocessor in n,, n,, machine cycles respectively, the microproc- 
essor device comprising: 

an execution unit operative to execute the plurality of instructions In m, m,, machine cycles respectively, 

where m| < = nj for i = 1, k; and 

a machine cycle controller operative in response to a 'select microprocessor' signal, to waste machine cycles 
such that, for each Instruction, the same number of machine cycles are expended by the execution unit as by the 
existing microprocessor. 



4. A microprocessor device according to claim 1 wherein the programmable master clock divider is executbn-tlme 
programmable. 

5. A microprocessor device according to claim 2 wherein the machine cycle controller Is one-time programmable. 

6. A microprocessor device according to claim 1 wherein the machine cycle controller is execution-time programmable. 

7. Microprocessor control apparatus comprising: 

an instruction register receiving an individual one of a plurality of instruction codes; 

an Intrinsic Instructbn execution unit containing a pluralrty of intrinsic instruction functions and an input and 
operative to receive a control signal through the input which designates an individual one of the intrinsic instruction 
functions and to execute the designated intrinsic instruction function; and 

a programmable instruction mapper containing a muKlplicity of mapping schemes and being operative to 
employ a selected scheme to convert the Instruction code In the register Into an Intrinsic instructton designation 
which is provided as a control signal to the input of the execution unit. 

8. A tamper-resistant execution device operative to execute instructk)ns arriving from an instmction register, the device 
comprising; 

an execution unit receiving and carrying out instructions received from the instruction register; 
a tamper attempt detector operative to detect attempts to tamper with the device; and 
an instruction replacement module intermediate the instructkxi register and the executkm unit and operative, 
upon receipt of a "tamper attempt detected' input from the detector, to override instructions arriving from the instruc- 
tion register with other instructions. 

9. A method for performing a robust conditional jump comprising: 

testing the contents and the integrity of a condition signal within a single machine cycle; 



14 



EP 0 690 370 A2 



jumping to a first location if the conditbn signal indicates that the integrity o1 the condition is not maintained; 
jumping to a second location if the condition signal indicates that the Integrity of the condition is maintained 
and the condition is fulfilled; and 

jumping to a third location if the condition signal indicates that the integrity of the condition is maintained and 

the condition is not fulfilled. 

10. Memory access apparatus comprising: 

a pseudo-random access delay signal generator generating an access delay signal which is at least 
pseudo-random and which determines the number of clock cycles to elapse from a memory access instruction clock 
cycle to actual memory access; and 

a memory access unit receiving said access delay signal and operative to access the memory after said 
number of clock cycles has elapsed. 
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